From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Jeremy Drake <pgsql(at)jdrake(dot)com> |
Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] less privileged pl install |
Date: | 2007-01-27 06:32:50 |
Message-ID: | 2790.1169879570@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
Jeremy Drake <pgsql(at)jdrake(dot)com> writes:
> The only difference from this is, that when superuser is required, the
> owner of the language is not the superuser who created it, but
> BOOTSTRAP_SUPERUSERID. This is because my interpretation was that the
> "same behavior as currently" took precedence. The current behavior in cvs
> is that languages have no owner, and for purposes where one would be
> needed it is assumed to be BOOTSTRAP_SUPERUSERID.
> Is this valid, or should I instead set the owner to GetUserId() in those
> cases?
I'd go with GetUserId() in the cases where you're not explicitly
assigning ownership to the datdba role. AFAIR the assumption that
languages are owned by BOOTSTRAP_SUPERUSERID was just a kluge to use in
some bits of code that had to have a notion of a specific owner. Now
in reality every superuser has the same privileges as every other one,
and so it doesn't matter much which one you use, but we might as well
record who actually did the deed.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Jeremy Drake | 2007-01-27 06:41:17 | Re: [HACKERS] less privileged pl install |
Previous Message | Martijn van Oosterhout | 2007-01-27 05:31:01 | Re: PostgreSQL Data Loss |
From | Date | Subject | |
---|---|---|---|
Next Message | Jeremy Drake | 2007-01-27 06:41:17 | Re: [HACKERS] less privileged pl install |
Previous Message | Pavan Deolasee | 2007-01-27 05:50:17 | Ctid chain following enhancement |